| #!/bin/bash |
| # Author: Iain Douglas <centos@1n6.org.uk> |
| # |
| |
| function ExitFail { |
| t_Log "FAIL" |
| exit $FAIL |
| } |
| |
| t_Log "Runing $0 - normal user password tests" |
| # Check that the passtest user cannot use the root only options |
| |
| t_Log "Checking a normal user cannot use root options" |
| |
| su passtest -c "passwd -l passtest" &>/dev/null && ExitFail |
| su passtest -c "passwd -u passtest" &>/dev/null && ExitFail |
| su passtest -c "passwd -e passtest" &>/dev/null && ExitFail |
| su passtest -c "passwd -n 10 passtest" &>/dev/null && ExitFail |
| su passtest -d "passwd -d passtest" &>/dev/null && ExitFail |
| su passtest -d "passwd -S passtest" &>/dev/null && ExitFail |
| t_Log "Pass" |
| |
| # Check the user can change their own password. Reset it to passtest and |
| # turn off min change days before trying. Password becomes ano24ther |
| |
| t_Log "Test user can change own password" |
| |
| echo "passtest" | passwd --stdin passtest &>/dev/null |
| passwd -n 0 passtest &>/dev/null |
| ./tests/p_passwd/_user_password.expect &>/dev/null |
| t_CheckExitStatus $? |
| |
| # Check that sending the wrong current password fails we send passtest |
| |
| t_Log "Check sending incorrect current password fails" |
| ./tests/p_passwd/_user_password.expect &>/dev/null |
| |
| if [ $? -eq "3" ] |
| then |
| t_Log "PASS" |
| else |
| ExitFail |
| fi |
| |
| # Check that user cannot immediately change password if minimum password |
| # lifeftime is enabled. |
| |
| t_Log "Testing Minimum password lifetine is enforced" |
| echo "passtest" | passwd --stdin passtest &>/dev/null |
| passwd -n 1 passtest &>/dev/null |
| ./tests/p_passwd/_user_password.expect &>/dev/null |
| |
| if [ $? -eq "2" ] |
| then |
| t_Log "PASS" |
| else |
| ExitFail |
| fi |
| |
| # Password complexity tests |
| echo "passtest" | passwd --stdin passtest &>/dev/null |
| passwd -n 0 passtest &>/dev/null |
| |
| # Check very short password is rejected (single letter) |
| t_Log "Test very short password is rejected (1 character)" |
| ./tests/p_passwd/_password_complexity.expect a &>/dev/null |
| t_CheckExitStatus $? |
| |
| # Check a short password is rejected (4 chars) |
| t_Log "Test short password is rejected (4 charaters)" |
| ./tests/p_passwd/_password_complexity.expect athe &>/dev/null |
| t_CheckExitStatus $? |
| |
| # Check password is rejected with insufficient complexity |
| t_Log "Test insufficiently complex password is rejected" |
| ./tests/p_passwd/_password_complexity.expect betabeta &>/dev/null |
| t_CheckExitStatus $? |
| |
| # Check palindromic password is rejected |
| t_Log "Check palindromic password is rejected" |
| ./tests/p_passwd/_password_complexity.expect qwe123321ewq &>/dev/null |
| t_CheckExitStatus $? |